[webauthn] Review of WD08 from Ki-Eun Shin via GitHub on 2018-03-09 (public-webauthn@w3.org from March 2018)

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Fri, 09 Mar 2018 08:03:17 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-303755986-1520582596-sysbot+gh@w3.org>

Kieun has just created a new issue for https://github.com/w3c/webauthn:

== Review of WD08 ==
Since the lack of time for reviewing full documents, I added some suggestions after reading the part of the specs.

1. In Abstract section, there is a high level description of this spec. Since attestation also involves signature generation, we may use _attestation_ in stead of _signature_ from the following sentence.
   > This specification also describes the functional model for WebAuthn conformant authenticators, including their **signature** and attestation functionality.

2. Chapter 2.4 describes CBOR encoding by referring FIDO2 CTAP Spec. The link for the spec is broken. Also chapter 3 has same reference which is broken.
Here's valid link for the spec
https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html#message-encoding

3. Regarding FIDO AppID definition in Chapter 3, we may add link to FIDO AppID extension (https://www.w3.org/TR/2018/WD-webauthn-20180306/#sctn-appid-extension).

4. In Chapter 4, there is a terminology regarding an Authenticator. Since some authenticator dose not have user verification features, we need to add **user presence test** to following sentence.
   > A cryptographic entity used by a WebAuthn Client to (i) generate a public key credential and register it with a Relying Party, and (ii) authenticate by potentially verifying the user, and then cryptographically signing and returning, in the form of an Authentication Assertion, a challenge and other data presented by a Relying Party (in concert with the WebAuthn Client).

5. In Chapter 4, Client-side-resident Credential Private Key is described. There is a term **roaming authenticator**. We may refer following link.
https://www.w3.org/TR/2018/WD-webauthn-20180306/#roaming-authenticators
Also we may change Authenticator to authenticator in this description.



Please view or discuss this issue at https://github.com/w3c/webauthn/issues/831 using your GitHub account

Received on Friday, 9 March 2018 08:03:22 UTC